Jim Whitehead wrote:
>
> Ben Laurie wrote:
>
> >>
> >> Here is a proposed draft charter for this working group, which will
> >> be discussed at the Cambridge meeting. Especially if you are
> >> not attending, I welcome your feedback.
> >
> >Pardon me if I've missed something but there seems to be no mention whatsoever
> >of security/authentication/permissions in this draft.
> >
> >BTW, which Cambridge?
> >
>
> Good points.
>
> Security is an item we are going to leave up to other groups to provide for
> us. However, our draft charter should make this clear.
>
> We have been operating under the assumption that MD5 authentication would
> be sufficient for our needs -- if something better than MD5 comes along, we
> would hope we could use it. Again, the draft should state this.
>
> Aside from locking, our work is *not* going to address access control or
> permissions. This is a huge issue, and I feel that we would never finish
> if we had to produce a consensus access control draft. This is an
> important issue, and one which will hopefully be addressed by *another*
> working group. But, the draft should make mention of this.
Fair enough. But there is an aspect of permissioning that probably should be
addressed by this WG, namely, the ownership/permissions of the file (or
equivalent entity) on the server. Not what they should be, of course, but how
one sets them.
Cheers,
Ben.
--
Ben Laurie Phone: +44 (181) 994 6435
Freelance Consultant and Fax: +44 (181) 994 6472
Technical Director Email: ben@algroup.co.uk
A.L. Digital Ltd, URL: http://www.algroup.co.uk
London, England. Apache Group member (http://www.apache.org)